Merge pull request #3 from kstep/creds-in-body

optionally pass credentials in request body
2016-01-25 19:14:01 -05:00 · 2016-01-25 19:14:01 -05:00 · 0b3a52dba8
parent 3be25b6e6c 22123533ba
commit 0b3a52dba8
2 changed files with 12 additions and 0 deletions
--- a/src/client/mod.rs
+++ b/src/client/mod.rs
@ -154,6 +154,11 @@ impl<P: Provider> Client<P> {
            body_pairs.push(("redirect_uri", redirect_uri));
        }

+        if P::credentials_in_body() {
+            body_pairs.push(("client_id", &self.client_id));
+            body_pairs.push(("client_secret", &self.client_secret));
+        }
+
        let json = try!(self.post_token(body_pairs));
        let token = try!(P::Token::from_response(&json));
        Ok(token)
--- a/src/provider.rs
+++ b/src/provider.rs
@ -19,6 +19,13 @@ pub trait Provider {
    ///
    /// See [RFC 6749, section 3.2](http://tools.ietf.org/html/rfc6749#section-3.2).
    fn token_uri() -> &'static str;
+
+    /// Provider supports credentials via request body only.
+    /// Although not recommended by the RFC, some implementations accept client_id
+    /// and client_secret as a part of request only (most notable offender is vk.com).
+    ///
+    /// See [RFC 6749, section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1).
+    fn credentials_in_body() -> bool { false }
 }

 /// Google OAuth 2.0 provider.